Ramblings about security, rants about insecurity, occasional notes about reverse engineering, and of course, musings about malware. What more could you ask for?

Tuesday, June 13, 2017

CRASHOVERRIDE guidance from NCCIC is confusing at best

After reviewing the awesome Dragos Inc report on CRASHOVERRIDE, Rendition analysts received a similar alert from US Cert and NCCIC. After reviewing the guidance from NCCIC, we were less than thrilled. The second recommendation from NCCIC (take measures to avoid watering hole attacks) is impossible by its very definition. A watering hole attack first compromises a remote site that you would already be visiting in an attempt to compromise your network. The fact is that the victim is not being tricked into visiting a rogue site as is the case in phishing. There is frankly no way for an organization to do this. Unfortunately, the fact that this "mission impossible" is set as recommendation #2 means that many will stop trying to implement anything further down the stack, assuming that the rest may also be impossible by definition.